package com.dk.system.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * @version:1.00.00
 * @description:Security配置,如果使用继承WebSecurityConfigurerAdapter然后实现config方法的话，需要web依赖，而web又与gateway冲突
 * @author:DK
 * @date:2021-06-0710:18
 */
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)//一定要加上
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //安全拦截机制

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/r*").permitAll() // 所有的/r*的请求都必须认证通过
                .anyRequest().permitAll(); // 除了/r*的请求都不用认证通过
    }

}
